 So, a proxy is one way to bypass a firewall, that's one requirement. Hide from the server, that's the second requirement. That is the server doesn't know your IP address, okay. Now you need to be careful, a server can identify you based upon your IP address, like in the logs, whoever accesses it. But also many websites can identify you from other ways. Of course if you log into the website, they identify you. So if you use cookies, and you visited that website before, I don't know how cookies will work with a proxy, but it's possible depending upon the website that the website can still identify you. So if you want to hide yourself from the website, a proxy is a basic method, but it's not always, it will not always work. But it allows you to hide from others who may be trying to see who you're communicating with. Because what the others see, anyone here sees that you're communicating with a proxy. Anyone here sees the proxy communicating with a server. So they cannot see that you're communicating with a server. So that's one security requirement met. All of this depends upon the trust of the proxy. The proxy sees who you're communicating with and they see your data. So the proxy can do anything, well you're not secure against the proxy. What about using HTTPS? So what's the difference now? Still the addresses are the same. You send to the proxy, the proxy sends to the server. But now you encrypt the data. HTTPS, your browser encrypts the data, and there are different ways for this to work, but one way is they encrypt the data, send to the proxy. The proxy decrypts the data, and then encrypts again and sends to the real server. So we can use some encryption such that others in this portion of the internet and here will not be able to read your data. So if we compare HTTPS, the firewall can potentially read your data. Others out here can read your data. With HTTPS, we can prevent that. They cannot. 
And be aware, when you're using HTTPS with a proxy, the proxy can still see your data. The proxy must be able to decrypt what you sent to it so it knows where to send it. So you encrypt data saying send this data to server S. You send it to proxy, the proxy must decrypt that to know to send it to S. And then they encrypt the remaining data and actually send it to S. So important to note, the proxy can see your data. What that means? You're using a proxy and you want to log into Facebook. It's not secure from the perspective of the proxy. The proxy can see your login credentials. Even if the proxy says it's using HTTPS, even if Facebook says it's using HTTPS, the proxy still has access to that data. The encryption with HTTPS is what we call end-to-end. It's between two endpoints. So if you want security between you and the real server, you cannot go via the proxy because the proxy needs to read it to be able to send it on. So using a web proxy can protect against others, but it cannot protect from the proxy reading your data, which suggests don't use proxies to do anything that requires confidentiality of your data because you place your trust in the proxy and how much do you trust? Where do we go? Who trusts this website? Who's ever used it? You've never used it before. How do you know that they're not just being a free proxy and just stealing all of your data? You don't. You go to this website and you'll see lists of hundreds of proxies. You don't know any of them. So if you're using it, then how do you know that they're not just intercepting all your log-ins when you try to log into websites? So generally, don't use proxies to log into websites. Just use it for normal browsing that doesn't require confidentiality. Or set up your own proxy. Well, that's a bit more complex. So how can we get around that? Well, we'll look at another approach. VPNs, virtual private networks. Who's used one? A VPN. OK, so we'll use one in a moment. 
There are different ways to do it, but let's explain the concepts. A VPN, we'll see it uses encryption. It encrypts your data between two points. Normally, when you use the internet, unless you use a specific option like HTTPS, normally you use HTTP and there's no encryption. You send an email, no encryption. VPNs provide encryption by default between two points in the internet. And they use a concept called tunneling. Let's see if we can explain it in a simplistic approach. With a VPN, we have a VPN client and a VPN server. The VPN client is usually your computer. You install some software or your operating system has some software. And you need a VPN server. So either a free VPN server or one you pay for. We'll give you some examples. So we have you. You want to access this web server. Here's your VPN server. Maybe you're paying to use this VPN server. With respect to the addresses, it's not exact, but from the point of privacy, we see what happens with the addresses. What happens is that you have a packet to send to the server. You want to access the website. So your computer creates a packet. And you can think there's some data inside there. The destination is s. And the VPN software on your computer sets the source to v, where v identifies the VPN server, not you. And I put the lines through this to say all of this is encrypted. So your data that you're sending to the web server is encrypted. And the address of the web server is encrypted. That's what we call the inner packet. That's what we want to send to the web server. Then your VPN software puts that inside another packet, where the source address is u, and the destination is your VPN server. And it's this outer header, this outer packet information, that tells the internet these routers where to send this. So the data is this encrypted portion. And it's going to be sent from u to v. You send it to the router. It goes to the firewall. The firewall checks destination v. It's not s. Let's let it through. 
So we bypass the firewall because the destination is v, not s. The packet eventually gets to v. v is the VPN server. And what that does is takes the inner part and decrypts it. And when you decrypt it, what do you get remaining? Well, this. You get the original data you want to send to the website. Source is v. Destination is s. That is then sent across the internet. The server receives it. The server, the website, thinks, ah, here's a request for a web page from the VPN server, sends back a reply to the VPN server, which will then encrypt again and send it back to you, allowing you to see the content. How is it different or what services provide different from our proxy? The firewall cannot see that you're communicating with the server. What does the firewall see? It thinks you're communicating with v, not s. So there's one requirement met. The firewall cannot detect who you're communicating with. Others out here on the internet cannot see that you is communicating with s. The others out here think v is communicating with s. So again, our requirement of hiding who's communicating has been achieved. These ones think it's v to s. These ones think it's u to v. No one knows it's actually u to s. The server, when it receives the packet, thinks it came from v. It doesn't know about u. So the server cannot identify you. Encryption is performed between u and v. So over this portion of the network, no one can read your data. You have encryption. But from v to s, there's no encryption. Therefore, someone here can still read your data. So don't use it for confidential data. The VPN can still read your data. The VPN can read your data and knows that you're communicating with s. So you can't hide it from the VPN. They know it's u talking to s, but others do not. So we're getting there in terms of achieving this full privacy and confidentiality that now we still have a problem that these ones can see your data. And we also rely on the VPN server. Who has a VPN server? 
Well, the question more is who has a server out on the internet, a computer on the internet? Sorry? Not Dropbox, although different things you can achieve with that. Maybe a hosting server, an Amazon instance, like you pay usually per month to access a server. That's also a US model class. Yeah, or you have one in another location. So you can usually use them as a VPN server. So usually outside of your network, your normal network, often they require paying. You pay per month to use some other computer. And that can act quite easily as a VPN server. How do we, well, go direct to it. HTTPS, same. Except now we have our data encrypted between you and the server. Your browser encrypts the data. The VPN software encrypts the data plus this inner header. When the data arrives at the VPN server that it's still encrypted, HTTPS encrypted it. The VPN server cannot read the data. Others on this portion of the internet between V and S cannot read the data. So this is much better in that no one can read your data. No one knows or the intermediate nodes except the VPN server know who you're communicating with. So we've got this privacy of actions. I say the server cannot identify you by IP address, but if you're using HTTPS and if you're logging into that server they can still identify you. Or if you're using cookies to access their website they can identify you. So we're getting close. Except we still rely on the VPN server. Let's set one up, let's try a VPN. And everyone has access to a VPN. Everyone has at least an account on ICT. Almost everyone. Where are we going? Sorry. Well, there are multiple technologies for setting up a VPN. VPN is a general concept but there are different implementations. Some you'll hear about. So there are different protocols that do it for us. PPTP, L2TP, IPsec, OpenVPN and lesser popular secure shell. All of these protocols that allow us to do the same thing as what we see in this general VPN concept. Who has a mobile phone here today? 
Android or iOS? Open it up. Open it up. Don't worry, I have Symbian. Open up your phone and go to the network settings somewhere find the VPN settings. Should work on both. So I can't remember the exact settings but you can find it. Find somewhere under network or advanced settings a VPN. And you should find that you can select from different VPN technologies. I think in Android, you go to the network settings and you can select VPN. And you can add a VPN network. And in Android at least, and I think iOS is about the same. We cannot see it, but there are different types of VPNs. You should see, if you see the VPN settings, you'll see types of PPTP, IPsec and L2TP and some variations upon them. Can you find them? So that's saying you can use different VPN settings or different types of VPNs. Of course, to set that up on your mobile phone you need a VPN server. Let's have a very quick try. If you go on your laptop to vpnbook.com, you'll find they provide a free VPN server. See if I can find the website. If you go to vpnbook.com on your laptop, they provide a free proxy plus a free VPN server. Do we trust them? Well, we hope so. But you can at least try them as a quick attempt. And you may be able to try it on your mobile phone. With the exception, if you do this within SIT, I think SIT blocks these VPN software. You may have to use it over 3G. So we will not spend much time on it, but you may try that. It's something you may try outside of here. If you go to vpnbook.com, I'll open up the browser. And if you scroll down, you'll see down here free OpenVPN and PPTP VPN. Select PPTP. And I haven't tried this, so I don't know if this one will work. You may attempt. So when you set up a VPN, you need the address of the VPN server. And this company or this organization provides several in Europe, in UK, and in the US. You can select any one. I think in your mobile phone, you select one of these as the VPN server address. And you need a username and password, and it's here. 
So again, I haven't tried this, not with the mobile phone, right out of time. Connected. And if it connects, maybe then on your phone, visit a website like, what is my IP address? And see if it shows you your IP address. I cannot do it on the laptop, because SIT blocks PPTP inside here, the firewall. So on your phone, there should be an option to set the address of the VPN server. Choose any one of these. It doesn't matter. An option to enter the username and password. Here they are. And then there should eventually show on your phone connected. And once it's connected, then open your browser and access a website. And if it's all working, everything's going via this VPN server. Did it work? Okay. Does it identify where you are? So here he's on his mobile phone. He's in Stockholm. And his IP address is that, not of his or SIT, but of the server. So to check that it's working, open a website and go to, what's the URL? What is my IP? Go to a website that tells you your IP address. Yeah, there are many. whatismyipaddress.com? So when you normally go to this website and others, they can identify you. This is just a website that tells you who is, what is your source address? Well, it identifies me as being at Thammasat University with this IP address. Well, there's network address translation going on here that it cannot identify Steve's laptop, but it can identify I'm in Thammasat, which is not good from a privacy perspective. Then if you've got your VPN set up on your mobile phone, go to this website and see what it identifies you as. You can use PPTP on most operating systems built in, but like I said, SIT blocks it, so you may have to try it from home on your laptop. We'll try a different one that does work. Those that aren't using their phone can make sure you have OpenVPN installed, okay? Did it come up as a different address? Okay, so the address that this website identifies you as is the address of the VPN server. So the website doesn't know who you are. 
whatismyipaddress.com? Just as a test. Maybe browse a few websites that you've accessed, see what the speed's like, okay? While you have the VPN connected, just visit one or two websites that you commonly use on your mobile phone and see if you can tell if there's a difference in the speed. That is, is there a long delay or not? Sometimes it may be. So that PPTP is one way to set up a VPN. VPN book is just a free VPN server. If you want, if you don't trust them, then usually you need to set up or pay for your own VPN server. Let's try another one, which you can do on your laptop. It's using secure shell. So if you're using Windows, you need to have PuTTY installed. And it was on the website. Who has it? If you're using OSX or Linux, you can use the command line for this. So in your laptop, if you want to follow along, you need a secure shell client. I don't have Windows. We can use secure shell to do the same thing as long as we have a secure shell server to connect to. And almost everyone here does have a secure shell server. The ICT server acts as a secure shell server. Those that have taken my courses have probably used it. They've logged in. And their username is this with their ID and their password that it was set. Those that haven't taken probably have a login, but they may not know their password. So when you, maybe later, we can change your password so you can log into ICT. But just for today, I've set up another one on my personal server, which everyone can use. But you need secure shell. So we'll use sandilands.info as the destination, the username, VPN, test, password, S-I-T demo. Here you use your laptop to try this. If you're using, again, Linux or OSX, you need to open up a terminal and run this command. If you're using Windows, you need to open up PuTTY, which you need installed, which you don't, if you haven't. This is just the first step. 
Just for those who have OSX and Linux, so on the command line, SSH, secure shell, this is minus L, L for login. This will not work on Windows. VPN test is the username. These options, we don't need to explain too much, minus N, minus D, and some port number of chosen and you can use the same 6666 and then the destination address and it will prompt you for the password and there it is, S-I-T demo. That creates a secure connection between your computer and our VPN server, sandilands.info. And on Windows, I don't have the screenshot, but who has PuTTY installed? Yeah? If you do, if you don't, you can go to the ICT website that we had before and download and it's a quick install. I'll go back to it. If you do, sorry, flicking through, I can't find my web browser. If you don't have it installed yet, it's here under Tilda S Gordon VPN test and you can install it, it's just a two megabyte file. Once installed, then you look for, there's some configuration options, some menu configuration, and then there's look for connection SSH tunnels and you should see these options of source port, destination, and forwarding. Did it log in? S-I-T demo. The password, the username is VPN test, the password is S-I-T demo. Simple. Did it log in? Connection SSH tunnels and yeah, there's three things, correct, dynamic. So when you get to the window under tunnels, you set the port, you set the destination, you select the checkbox dynamic. Is that right? I think so, yeah. Did it work? Look for tunnels, SSH and go down. Tunnels. Dynamic, port, destination. Okay, so install PuTTY. Okay, connection SSH, expand. Source port, destination, and select dynamic. Source port as on the screen, 6666, and make sure you select dynamic. Yep. The password is S-I-I-T demo. So in PuTTY, once you've set those options, then you connect to sandilands.info and it'll prompt you for a username and password, which are, sorry, VPN test and S-I-T demo. 
And it should log you in, although provide you no interactivity, but it connects you to the VPN server using the protocol called secure shell SSH. This is maybe the most complex ones of setting up, but just as a demo. Did it log in? And there's no feedback, so on OSX or Linux, there's, you'll type in the password, then it will sit there doing nothing, it's logged in. Then open your browser and look for the proxy settings. S-I-I-T demo, S-I-I, it's typing, sorry, try again. Press enter, enter. It just doesn't show you what it's typing, so it is typing, so you may have to close and start again. Did this log in okay? Oh, yes, that's logged in, done. Once you've connected, so it prompts for your username and password, you have the tunnel connected from your computer to the server. Now you need to get your application to use that tunnel. Open your browser and we need to change some settings in the browser to use the tunnel. I will do it in Firefox, but it'll be similar in others. Somewhere in your browser, there are preferences or options. Find your options or preferences and you should have many different options to choose from. In Firefox, it's under advanced and network. You're looking for something about how your browser connects to the internet or proxy settings. It'll be different in all browsers, but it should exist. So you find your browser settings, which should do with proxy or how it connects to the internet and there, so in my case, it says choose a proxy and I need a manual configuration. You want to set the SOCKS proxy. Make sure all the others are empty, set the SOCKS, the host, the localhost and the port to the one that you set before, 6666. Again, it will look different in different browsers, but I think you need to look for SOCKS. Did you find your SOCKS? Network, network settings, okay? So find your options somewhere, yeah? Okay, and dynamics, okay, and now have you got some other window? What happens when you press open, nothing. 
Go to session, select the host name here, sandilands.info. sandilands.info, maybe we missed that step. Oh, possibly, some people are logged in. It doesn't provide any feedback when you're logged in. Oh, okay, now it's logged out, has it? There may be a limit. Is anyone still logged in? Oh, okay, all right, we may have a problem. Too many people logged in. One last test. I see, I think everyone's having the same problem that some people logged in, but now it's disconnecting. I think there's a problem with the server, okay? This one is the hardest one to set up and actually relies on having the server set up to support SSH, which I tried on the shared one, but it's not working, I think, because the server got overloaded when everyone connected. I can't even log in. So we're gonna have to fail that one. What will you do in the future? Because in fact, this demo server, you will not have an account after today. It was just for today. But you do have an account on ICT server. So in this demo, you use sandilands.info and VPN test. If you have an account on another server, ICT, you can use that and you log in there. And all right, it's not very interesting now. What you do is you set up your browser to use this SOCKS protocol to connect to the localhost and the port number here, and once you do that, if it worked, again, your browser that would then tunnel or go via the VPN server. So if you connected to a website, it's all sent to sandilands.info and then sent onto the website. So it was one way of providing a tunnel, but it didn't work. Let's try another way then. So PPTP worked on your mobile phone for some people. SSH would work if you had a good server to connect to, but there are not many free servers for secure shell. You're lucky in ICT, you can use that in the future. Let's try the last one for a VPN and it's called OpenVPN. Let's not try and get secure shell working. Let's try OpenVPN. 
So with PPTP, one VPN solution, usually your operating system supports it automatically. There's nothing to install. With secure shell, you needed to install some software and you need the server set up. There's a third alternative called OpenVPN and again, you need to install some software on your computer for it to work, the client. So, and it takes a bit, if you haven't done it, then I think you can do it quite quickly. There are really three steps. You need to install the OpenVPN client and for OSX and Windows, they are on the website that I provided before, if you haven't installed them. Who hasn't been installed? Who has OpenVPN? Anyone? It's installed okay on the Mac? Yep, okay. Then how to install on Windows? There's a version for 32-bit and most likely you have 64-bit so simply go to, it's very easy to install. I can find my web browser. Go here and choose OpenVPN and install it. It's only two megabytes. Choose the one based on your architecture. 64-bit or 32-bit i686. Install OpenVPN client. This should work better than secure shell. You've got to install and then you can download, if you go back to the directory, you'll see a .op, or a gzip file I think. Or you can download it direct from here. It's just a copy. Let's go to FreeVPN, OpenVPN, one of these files, one of the bundles. I think you need to somehow open that in OpenVPN. Yep, install. Once OpenVPN is installed, then you go to vpnbook.com, the website, and find the OpenVPN option and download one of their bundles. You'll see it there. You've installed it. You need to compile it. I think you just need to install it. Sudo. Type sudo apt-get install openvpn. I'll show you. So on Windows, once it's installed, you go to vpnbook.com, find OpenVPN profile, and I think they're what they call bundles. And you choose your location, US, UK, and so on. You download that file. I think it's a zip file. And inside there, there are multiple files again. And you open that profile inside OpenVPN. 
So multiple steps here. Install the client, download the profile, open the profile. Don't look at the password here. Look at the password on the website for VPN book. It changes quite often. This free VPN server, they change their password. So you actually need to manually go back and get it. You're installing. You can just install from here. You're compiling. No, here, sudo apt-get install openvpn. So this is, you downloaded it. Have you done this? Okay, then download, go to VPN book, and download the profile. If you choose the profile that you want, this buys his VPN. You can use his or you can use, if you go to vpnbook.com, they have some profiles that you can use. You don't need this one. Go to the website and you'll find the files to download. Works. And in OpenVPN, the client should have some way to load that profile. And try the TCP 443 profile. That'll make sense once you've opened it. Works. So you choose one of them. And now one of these files, the 443 file, open that in OpenVPN. So if you start OpenVPN, it will let you choose or maybe save those files or extract. There are four different ones. One of them finishes with TCP 443. Choose that one. And now start OpenVPN, which you just installed, and it should give you, it's already running. Do you have it running somewhere? No, close this. Yeah, double click to extract. And then the profile needs to be loaded in OpenVPN. Is it running somewhere? Maybe in the taskbar. Okay, is it somewhere down here? I don't know, the icon. Did yours open? Yeah. And you need to load. So you've downloaded the file, extracted, and then open that profile. Are you? Are you? Is it manual? Confirmed. No, let me check. How do you open in Windows OpenVPN profile? Oh, can you just open it? Yeah. Oh, you need to put it in there. Okay, it's a bit more complicated than we hoped on Windows. 
So if you're using Windows and OpenVPN, the last step which I didn't show is that you downloaded this profile or bundle in there, you extract it and copy those files, I think, into this directory, and then start OpenVPN. That's for Windows. Are you using Ubuntu or Linux? That one was easy, I think, on the VPN book website. On the VPN book website, there's the instructions. In fact, the instructions are probably best from the VPN book website. It has a set of how-tos, much better than my slides, for each operating system. Yeah, did it work? Yeah, it's really happy. Okay, so someone's got it working on Windows, but it's not working very well in that it's slow. Good point. Go to the VPN book website. And there's how-to and how to do it on Linux. Did it work here? There's, on the VPN website, there's a how to set up. Okay, it's working. Now, access, can you test it at working? Go to whatismyipaddress.com. You'll know it's working when your web browsing is very slow. Because it's a free VPN server, maybe many people are using it, and maybe the resources are not sufficient to support all those users. Try that. Those people that got it working may want to try and install and use the Tor browser bundle. That's maybe the easiest of all of them to install. Download, extract. So if you've got your OpenVPN working, we'll look at a final option. You can download from the ICT website the Tor TOR browser bundle for your particular operating system. Did it work? You put the files in this. I think you need to do this step first. That is, you downloaded the bundle, the profile. You extract the files and save them in here. So where are the... Okay, yeah, those need to be saved in this directory on your computer. So extract them to there. Extract. And now copy and paste them into that directory. And then start. Then try and restart OpenVPN. Try. So it worked. Works on Linux, but very, very slow. Yep. Sometimes using a different server. Which one did you use? US, UK? US. Okay. 
Sometimes a different server. Maybe less loaded. Sorry? It says after a moment here. From Romania. Yeah. So you got the Europe one. Those two worked. Works. OpenVPN. Yep. Good. Especially the VPN. What was the difference between the... So, just different techniques for all providing a VPN. Okay. You get the same servers. You get the same... Yeah. The same level of security. Just, you know, with PPTP, it was already on your Android phone. Or on your phone. It's already in Windows. PPTP is installed and ready. So it's much easier to use. OpenVPN, you need to install software. So that are the main differences, the convenience. We'll look at a little bit at the end. Compare each of them. But basically, it depends on what computer you're using. Mobile versus laptop. Yeah, there's not much difference. Okay. We'll see who else gets going. That's the point, to see it slow is important. Because that's one of the problems with VPNs. Especially free ones. If you've got it working, and I see a few people have got OpenVPN working, the last one may be to download and install the Tor browser bundle. It should be the easiest of all. Yes, yes, yes, yes. Did it work in the end? Okay. The passwords on the website. So yeah, copy them. If you copy them into this directory, then I think you need to start OpenVPN. Yep. Oh, it's already run. It's fine. So somewhere in here, is it? Somewhere. That one, is it? I don't know where it is. Must be somewhere. It's not. Let me find out. Try Tor. TOR. Did you find it? Okay. Alright, install. It depends on what architecture you have. You have 64-bit or 32-bit. Do you remember? So you want this one. No, x86_64. This one. This one should still work. I think that will work as well. The last task. Install the Tor browser bundle. If you've got VPN working. It's here. Or the instructions for installing are here. You can actually download the package from the ICT website. 
If you go to the ICT where you downloaded the other software, you'll find I've put the Tor browser bundle there as well. Just connect. Make sure all your VPNs are turned off. Don't use them at the same time. That is, if you're using Tor, make sure you've disabled OpenVPN. We don't want to confuse. You only need one at a time. Tor browser bundle installs all the setup and provides you a browser as well. With the aim of not doing all the things like cookies and so on. Which one did you use? 443? Yeah, 443. It should say something like initialization complete. When it's finished, it's going. Yep. It takes time, you see. Some error there. You may want to try a different destination. The username is on VPN Book. If you go to the website for VPN Book. The username is VPN Book. The password is this one. It's H2. Try Tor. If you go to ICT, you can download it and then you have it already. They suggest don't install it from the package manager. It takes some time to connect. You see, it's connecting. You have to wait a bit. It's a free VPN server, so there may be many people using it. If you really want good performance, you need to pay. If you install the Tor browser bundle and install it, then once it's finished installing or once you start it, it should bring up a browser saying congratulations. Then browse using that browser. It's effectively using a VPN, but even better, we'll see that to finish today. Once it opens up that browser saying congratulations, visit a website or search. Maybe what is my IP address via the Tor browser? Tor browser? It's connecting. Yep, it's connecting. Yeah. It takes a while. And especially since everyone's connecting via maybe our Wi-Fi. So I think people, to install Tor, it's quite easy and it takes a while to connect. Once it's connected, then you should be okay. Your OpenVPN worked before? Did it work before? It's never worked. Did you install from the package, sudo apt-get? Yeah, okay. Ah, yeah. Try the command with sudo. Oh, sudo. 
Hmm? You have to pay for it from the iPad. Tor? They don't have Tor, so people make the other browsers that connect to Tor. There you go, write an application that does it. You can use it for free. Yeah. If you break your iPad. Yeah, you break it. How to go? Determine, yeah, the speed test will be interesting. It should be very slow. I forgot with Ubuntu, you need to run it as sudo. Let's see if it connects. Tor worked? Yeah. Fast or slow? Faster than OpenVPN? Maybe. It depends on the servers. It depends on many things. Who connected with Tor? Hands up. Yes. Tor? Did it connect eventually? Still connecting. Why is it so slow? Are you sure you don't have a firewall or anything? I think it takes a long time. It should present a warning if the firewall blocks it. It eventually connected, Sam. Yep. And it worked, yep. Now just... You can't... You must use it. Okay. It should be slow. It possibly will be slow. Yeah, almost random. Okay, so... Some success. Some not. SSH didn't work, but that's just the server. I think if in the future you wanted to use it, you could. OpenVPN worked for some people, for most people. Very slow. Tor is maybe the easiest. You just download and install. There's not much to set up. Speed may be an issue. I'll just try and summarise what we've done about those, and then we'll finish, and then we can come back to any software if we need. And talk about the difference between them all. So... Web proxy. You just visit a website, and that forwards your data to the real server. VPNs. A secure connection to a special VPN server, which then forwards the data to the real server. There are different ways to set up a VPN. We tried SSH. It didn't work, but we may try again one day, and I'm sure we'll get it to work on a different server. We tried OpenVPN as an alternative. And it worked for some of you. Okay. Using the free VPN book. But note the VPN book is just one of the many free VPN servers. You'll find that it's quite slow. 
If you want good performance, you usually need to pay for access to a VPN server. Maybe a few dollars a month. On the mobile phone, we tried PPTP. And it worked. There are others. IPsec, L2TP. Just different ways to set up a VPN. We'll look at the... We'll compare them in a moment. And... We don't know why it's secure, but, of course, we must trust the VPN. The VPN sees all of our communications. If we use HTTPS, the VPN cannot read our data, but still knows who we're communicating with. Then some of you got to install... Install Tor, the onion router. And we don't have time to explain how it works in detail. It's almost like a VPN, but better. Let's go straight to the HTTPS. With Tor, your computer sends to some special other computer that's running Tor as well, which sends then... So that's your computer sends to T1. So, again, it bypasses the firewall because the source is you, destination is T1. And that's what the software did. It sent to T1. And then T1 sends to another Tor computer, T2, which sends to another and eventually to some exit and then out to the server. So think of it as like a VPN, but multiple hops. With a VPN, we send to one VPN server and then to the destination. With Tor, think we send to one encrypted, it's all encrypted. That sends to another all encrypted and then eventually to the exit and then out to the server. What this provides is privacy from these intermediate nodes of who you're communicating with. It's set up such that T1, when it receives from you, it knows it came from you. And it knows it needs to send to T2. So T1 knows about you and T2. It doesn't know who the exit or T3 is and it doesn't know the server. T2 receives from T1, so they know the address of T1. It sends to T3, so it knows the address of T3, but T2 does not know about you, E or S. And similar, E receives from T3 and has to send to S. Not those two neighbors. But E, the exit node, doesn't know that it came from T2 or T1 or actually came from you. 
This setup is such that you cannot determine who's the original source and who are the intermediate nodes in this path. So it's the case that each node in the network only knows the immediate preceding node that sent it to it and the immediate next destination. So T2 doesn't know it came from you. T3 doesn't know it came from you. E doesn't know it came from you. Therefore, they cannot connect you with the server. Okay? The end result, we use encryption in all of these paths. The firewall cannot read the data, it's encrypted. If we use HTTPS, our data is encrypted and the Tor nodes, these intermediate nodes, do not know that you are communicating with the web server. If you compare to VPN, the VPN server knows that you're communicating with S. That's the problem with a VPN. You must trust the VPN server. With Tor we get everything the same but the intermediate servers don't even know that you're communicating with S. That's the main benefit of Tor. Full privacy in that no one knows that you're talking to S. To finish. Many different ones for a VPN. So we... there's SSH, OpenVPN, PPTP, L2TP. What's the difference? It depends on what you need to install on your computer. Some are built into the operating system, some are not. Some we need to install like OpenVPN. Some only work for some applications. Secure Shell only works for web browsing. The others work for all applications. You use your instant messaging, your email client and the others use the VPN for that. Secure Shell does not. All of them have good encryption although PPTP has some flaws in it so it's not as strong as the others. Some of them have some overhead that makes them slow. I think you saw that the VPNs were quite slow. There's a small difference between each of them but usually it's not so significant. Some of them are blocked by firewalls so PPTP and L2TP use protocols such that it's very common for firewalls to block them. That's why we can't use them inside SIT. 
Whereas OpenVPN works well through firewalls. So there's a trade-off in terms of convenience as to which one's easiest to install, which one's easiest to get through the firewall. There's no one best solution for VPNs. There are different ones. And the last slide. On the left no security. There's a lot of security problems. There's a lot of security problems with browsing either HTTP or HTTPS using a web proxy, using a VPN, using Tor. The first five or the first four are our security requirements. Do we provide data secrecy? Can someone else read our data? Can we bypass the firewall? Can someone else identify us? And some comparison between them. With basic, with nothing, we don't have any security effectively unless we use HTTPS, our data's private. Of course it's free. We don't have to install anything. And it's the best performance. With a web proxy, we don't have any data secrecy. We must trust the proxy. There's a problem there. But we can bypass a firewall. We're protected from others, although not the proxy. And we can hide from the server. The server doesn't identify us. Same with a VPN. But a VPN, we can do better with respect to data secrecy. We use encryption, especially using HTTPS. With Tor, again, similar to a VPN. But with a VPN, we must trust the VPN server. With Tor, we must trust a particular server. We still provide privacy with Tor. So that's considered the best in terms of privacy. Log analysis is, let's say you've used these for a month and then someone comes, some legal department comes after you and tries to find out which website you accessed. Can they go back and look at all the logs to try and find what you did? Can the police department another country and ask the policeman department there to check the logs of the VPN server? So this extreme requirement of what does someone need to do to find out what you did? Well, they go and analyze the logs. 
With normal web browsing, they either ask the internet service provider or ask the web server. And they provide the logs and then they find out you accessed it. With a proxy, they either ask the ISP or server or they ask the proxy server. OK? If they have power over the proxy server, they can do that. With a VPN similar. With Tor, well, there's no good ways for someone to track what you've done. So with Tor, with respect to privacy, it's the best. It's very hard for someone to even analyze the logs to see who you've communicated with. Last one. Cost. Proxies are either ad-supported or you can pay a small amount per month, in the order of dollars per month. VPNs, typically, to get good VPNs you need to pay. The free ones are OK for a quick use but not for prolonged use. Tor is free. OK? It uses everyone else's computers to go via. Which one's easier to install? Well, you tried it. So you can compare which one's easier to set up. Performance. Well, proxy, usually OK. VPN depends upon where the servers are. Tor is usually the worst. May not, maybe not today, but in general, it's usually the worst in terms of performance. Tor is commonly used today by people to, to WikiLeaks and to, like, it's... Tor was developed by the US government, a research department, the Navy, but it's considered secure. It's used a lot in countries like Syria and Egypt in the past, which they've used it to bypass firewalls but also to not get detected. By that, true privacy, you don't depend upon some server, because if you depend upon some VPN server or proxy server then maybe the government just goes to the operator of that VPN and says tell me who accessed this website. With Tor they cannot do that, but here's the red box, it's the slowest. So you need to choose what are your requirements, how much you're prepared to pay and what usage you want out of it to choose the best solution.
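The multi-hop path described in the lecture (you, T1, T2, T3, exit E, server S) can be modelled with layered encryption, where each relay removes one layer and learns only the next hop. This is an added example, not part of the lecture: the function names are hypothetical, the keys are constructed, and the SHA-256 keystream is a toy stand-in for the real cryptography Tor uses.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's real crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, dest, payload: bytes) -> bytes:
    """Client side: one layer per relay, innermost for the exit, outermost for T1."""
    next_hops = path[1:] + [dest]
    cell = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def peel(key: bytes, cell: bytes):
    """Relay side: remove one layer, learning only the next hop."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(client, path, keys, dest, payload: bytes):
    """Carry a cell along the path; record (previous hop, next hop) seen by each relay."""
    cell = wrap(path, keys, dest, payload)
    seen, prev, node = {}, client, path[0]
    while node != dest:
        nxt, cell = peel(keys[node], cell)
        seen[node] = (prev, nxt)
        prev, node = node, nxt
    return seen, cell

# Constructed sample data: node names follow the lecture, keys are made up.
PATH = ["T1", "T2", "T3", "E"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
REQUEST = b"GET / HTTP/1.1"

if __name__ == "__main__":
    seen, delivered = route("You", PATH, KEYS, "S", REQUEST)
    for relay, (prev, nxt) in seen.items():
        print(f"{relay}: received from {prev}, forwards to {nxt}")
    print("delivered to S:", delivered)
```

The exit E removes the last layer, so it handles the request exactly as it will reach S; that is why the lecture pairs Tor with HTTPS for data secrecy.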